CVE-2023-27624 Scanner

The WordPress Redirect After Login plugin is widely used by WordPress website administrators to manage and customize the user redirect process after login. Created by the redirect_after_login_project, this plugin allows administrators to redirect users to specified URLs based on their user roles. It is particularly popular among website owners looking to enhance user experience or enforce specific workflow strategies. The plugin is a versatile tool that integrates seamlessly with the broader WordPress framework. Organizations and individual website managers alike employ it to enforce better navigation tactics. With its intuitive interface, administrators can easily configure the redirect settings without needing extensive technical expertise.

The vulnerability in question is a stored cross-site scripting (XSS) flaw found in the WordPress Redirect After Login plugin. XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. In this specific situation, the vulnerability stems from insufficient sanitization of the login redirect parameter. The exploitation of this vulnerability requires administrative privileges, indicating that an attacker would need to gain such access to exploit it successfully. Nevertheless, the impact is significant as it allows the execution of scripts in the context of the site. Potentially, this could lead to serious issues such as session hijacking or site defacement.

The technical details highlight that the vulnerable endpoint in the plugin lies within the administrative settings page. The vulnerable parameter is associated with the 'redirect_to' URL, which can be manipulated by an attacker after accessing the page options-general.php?mtral. Further, the exploitation process involves capturing the 'nonce' value, which is mandatory for updating the option settings; this is embedded into the URL in the options.php post request. Once this is achieved, a payload containing malicious JavaScript can be injected into the URL, enabling the script's execution upon visiting the infected page.

If exploited, the effects of this vulnerability can be detrimental. Users visiting the affected page can be subjected to unauthorized script executions, putting their sessions at risk. Apart from session hijacking, this vulnerability could also lead to unauthorized data access, manipulation, and potentially defacement of the website. Such an attack can tarnish the website's reputation and lead to the loss of user trust. The said plugin's vulnerability highlights the importance of implementing robust input validation similar plugins should also address. Continuous monitoring for such vulnerabilities is crucial for maintaining site integrity and security.

REFERENCES

• https://patchstack.com/database/vulnerability/redirect-after-login/wordpress-redirect-after-login-plugin-0-1-9-cross-site-scripting-xss-vulnerability
• https://nvd.nist.gov/vuln/detail/CVE-2023-27624